SECURITY AND COMMUNICATION NETWORKS
Security Comm. Networks (2012)
Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.597
REVIEW ARTICLE
Comparative study of trust and reputation systems for
wireless sensor networks
Osman Khalid1, Samee U. Khan1, Sajjad A. Madani2, Khizar Hayat2, Majid I. Khan2,
Nasro Min-Allah2, Joanna Kolodziej3, Lizhe Wang4, Sherali Zeadally5 and Dan Chen6
1
2
3
4
5
6
North Dakota State University, Fargo, ND, U.S.A.
COMSATS Institute of Information Technology, Islamabad, Pakistan
Cracow University of Technology, Cracow, Poland
Center for Earth Observation and Digital Earth, Chinese Academy of Sciences, Beijing, China
University of the District of Columbia, Washington DC, U.S.A.
China University of Geosciences, Wuhan, China
ABSTRACT
Wireless sensor networks (WSNs) are emerging as useful technology for information extraction from the surrounding environment by using numerous small-sized sensor nodes that are mostly deployed in sensitive, unattended, and (sometimes) hostile
territories. Traditional cryptographic approaches are widely used to provide security in WSN. However, because of unattended
and insecure deployment, a sensor node may be physically captured by an adversary who may acquire the underlying secret
keys, or a subset thereof, to access the critical data and/or other nodes present in the network. Moreover, a node may not
properly operate because of insufficient resources or problems in the network link. In recent years, the basic ideas of trust
and reputation have been applied to WSNs to monitor the changing behaviors of nodes in a network. Several trust and
reputation monitoring (TRM) systems have been proposed, to integrate the concepts of trust in networks as an additional security
measure, and various surveys are conducted on the aforementioned system. However, the existing surveys lack a comprehensive
discussion on trust application specific to the WSNs. This survey attempts to provide a thorough understanding of trust and
reputation as well as their applications in the context of WSNs. The survey discusses the components required to build a
TRM and the trust computation phases explained with a study of various security attacks. The study investigates the recent
advances in TRMs and includes a concise comparison of various TRMs. Finally, a discussion on open issues and challenges
in the implementation of trust-based systems is also presented. Copyright © 2012 John Wiley & Sons, Ltd.
KEYWORDS
trust; repute; WSN; trust and reputation systems
*Correspondence
Samee Khan, Electrical & Computer Engineering Dept, 1411 Centennial Blvd, North Dakota State University, Fargo, ND 58102, U.S.A.
E-mail: [email protected]
1. INTRODUCTION
Wireless sensor networks (WSNs) consist of thousands of
tiny embedded computers known as motes. Each mote is
equipped with a specific type of sensor to sense information from surrounding environment. The collected information is relayed from sensor to sensor, using a secure
multihop routing protocol, until the data reaches the desired destination, known as sink, as shown in Figure 1.
At the sink, the data aggregation and analysis takes place
[1,2]. The WSN technology has applications in many
areas, such as industry, environment, seismology, construction, transportation, military warfare, traffic control,
and agriculture [3,4]. Despite their quick deployment and
Copyright © 2012 John Wiley & Sons, Ltd.
significant advantages over traditional methods, WSNs
have to overcome various security problems because of
the possibility of the presence of one or more faulty and
malicious nodes in the network. A sensor node is always
at risk of being compromised by an adversary, who may
capture the node’s cryptographic keys. Such an attack is
also referred as insider attack [5] in which an adversary
node would appear to be a legitimate member of the
network. Once a sensor node is captured, an adversary
may sniff and inject packets with falsified data that may
compromise the node’s data integrity. The adversary may
reprogram the sensor node to carry out various tasks that
may eventually prove detrimental to the overall system.
Therefore, security and privacy challenges of WSN must
O. Khalid et al.
Trust and reputation systems for wireless sensor networks
Wireless Sensor Network
Sink
Sensor Nodes
Figure 1. A wireless sensor network consists of numerous autonomous nodes where each node collects data from environment and
sends to a sink for analysis by the user.
be addressed to prevent the system from turning against
those for whom the system has to render benefit. Although
external security attacks on WSN may be countered by the
use of cryptographic techniques, cryptography is not that
effective against the internal insider attacks by the malicious
node. In addition, the nodes are constrained by their limited
resources in the form of processing capability, bandwidth,
and storage. Therefore, the nodes cannot support the
heavy computations of cryptography-based protocols. The
aforementioned limitations necessitate the design of security
protocols that are resource economical, provide acceptable
degree of protection at node-level decision making, and meet
the security demands of the application.
One approach that has gained global recognition in providing an additional means of security for decision making
in WSNs (i.e., to trust a node for communication or not) is
the trust and reputation monitoring (TRM) system. TRM
deals with the problem of uncertainty in decision making,
by keeping the history of a node’s previous behavior
(repute). A node is trusted and will be forwarded with the
packets only if the node holds a good repute; otherwise, the
node will be considered untrustworthy. TRM provides a
natural choice for security in open systems—the Internet
and social networking—for being computationally tractable.
For the past few years, there has been much research in
the area of TRMs for WSNs [6–16]. In the literature, the
concepts of trust have been applied to various network layers
to enable the nodes to take appropriate decisions in identifying the adversaries. Numerous surveys have been conducted
on the subject in various network domains [17–26]. In
[17,18,23], the authors restricted their analysis to various
trust models in the context of mobile ad hoc networks
(MANETs). In [21,24], the authors discussed different
applications of trust in a general wireless communication
environment, whereas in [22], the authors presented an
overview of trust applications in various other domains (not
specific to WSN). In [25], the authors surveyed the trust
protocols for secure localization in WSN. The authors in
[26] compared some TRMs, but most of the techniques
presented in the paper are not recent. In [20], the authors
indicated some best practices in developing a trust model
for WSN, but the thorough discussion is lacking on actual
working of the models referenced in the paper.
Most of the aforementioned surveys focus on either trust
application for MANETs or other domains but do not
specifically target WSNs. In contrast, this survey attempts
to address these deficiencies and provides a focused study
on the application of trust and reputation in WSNs. We
describe in detail how a TRM is modeled, what major
elements a TRM is made of, and what phases are involved
in modeling a TRM. Through various examples, we illustrate
how trust and reputation have the potential to be effective for
providing an increased security in WSNs, along with the
cryptography. After providing a general understanding of
trust and reputation modeling, we compare some of the latest
proposals for TRMs. The survey highlights the important
characteristics of selected TRMs and discusses their pros
and cons.
The rest of the survey is organized as follows. Section 2
presents an overview of the current network security techniques followed by an introduction to trust and reputation. This
section further discusses the security threats a WSN may
encounter. Section 3 treats the TRM in detail by exploring
the various components. Section 4 presents a comparison
of various state-of-the-art TRMs with a taxonomy presented
in Section 5. The hot open issues and recent challenges in the
implementation of trust-based systems in future-generation
WSNs are discussed in Section 6. The paper is concluded
in Section 7.
2. SECURITY, TRUST, AND REPUTATION
In a computer network, it is very important to control the
authentication and authorization of data and services. Using
authentication, only valid users must have access to the
system, and only those resources should be allowed to a user
for which the user is authorized. Similarly, to maintain the
confidentiality and integrity of data, some form of data
encryption/decryption using techniques such as cryptography may also be required (Figure 2). Much research has been
done to ensure a secure and reliable communication among
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
O. Khalid et al.
Trust and reputation systems for wireless sensor networks
Figure 2. The various services in terms of security provided by
cryptography technique.
the network devices, and many security protocols have been
devised. In this section, we first present a brief overview of
the existing security methods and then discuss the notions
of trust and reputation and their applications in WSN
2.1. Security
In practice, to ensure the secure communication among
devices, cryptography is considered one of the most reliable
tools. Cryptographic protocols are designed to securely
encrypt data for safe transfer across a network, by using
some cipher (encryption algorithm) to generate a cipher text
(encrypted data). Normally, the encryption is carried out
using some secret key(s), known to the sender and/or
recipient. The two basic approaches of cryptography are the
following: (i) symmetric key cryptography and (ii) asymmetric key cryptography [27]. In the symmetric key cryptography, both sender and receiver share a commonly shared
secret key that is used to encrypt and decrypt the data. In
contrast, the asymmetric key cryptography implies the use
of two different keys: (i) public key and (ii) private key.
The sender encrypts the message by using recipient’s public
key, and the recipient decrypts the message by using private
key. The popular algorithms for the asymmetric key cryptography are Rivest, Shamir, and Adleman [28] and Diffie–
Hellman [27].
In WSNs, the symmetric key cryptographic techniques
are mostly used, and the most commonly referred cryptographic protocols are elaborated in Table I. The sensor node
authentication is usually performed by the use of hash functions and digital signatures. The application of asymmetric
cryptography is limited to secure the distribution of lightweight secret keys, shared among the participating nodes.
This is because asymmetric key cryptography requires
intense mathematical computations beyond the capability
of a sensor node that is limited because of lesser resources,
be it processing, space, or battery power. Even if all
sensors have sufficient memory and processing power,
the necessary cryptographic procedures and primitives
based on the symmetric and asymmetric protocols are
usually too expensive for the most resource-constrained
network devices.
An interesting method of improvement of the well-known
cryptographic server or base station-based solutions was
proposed by Dutertre et al. in [29]. The authors defined the
autonomous key-management services that allow to share
the small sets of secret keys among the neighboring sensors
and improve the scalability of the system (the number of keys
required does not increase with the network size). Xiao et al.
presented in [30] a detailed survey and taxonomy of key
management methods in WSN classified into seven main
categories, namely, (i) single network-wide key, (ii) pairwise
key establishment, (iii) trusted base station, (iv) public
key schemes (elliptic curve cryptography), (v) key predistribution schemes, (vi) dynamic key management, and (vii)
hierarchical key management.
Despite all that significant volume of research that has
been published and implemented [31,95] in the domain
of the effective key management in WSN, it seems that
cryptography still may not be sufficient to provide complete
security to the sensor nodes. Therefore, in many realistic
approaches, some additional security layer is required. In
the next subsection, we discuss the usage of trust and reputation as a supplement for the current cryptographic security
mechanisms.
2.2. Trust and reputation
In recent years, TRMs have emerged as useful methodologies for the provision of security in WSNs. The use of the
words “trust” and “reputation” is commonplace in our daily
lives. The repute of a person is established from previously
performed actions. If a person is consistently honest, then
Table I. Example proposals, from the literature for cryptographic security implementation of WSNs.
Proposal
SPINS [59]
TinySec [60]
SERP [61]
TinyPK [62]
SEF [63]
INSENS [64]
Description
Provides data confidentiality, authentication, and freshness (SNEP) and authenticated broadcast (mTESLA)
Provides security at the link layer and is implanted on TinyOS
Use of cryptographic keys to authenticate an event report
Use of RSA public key techniques for security on TinyOS
Message validation through multiple-keyed MACs and additional filtering in sink node
Use of hash-chained MAC to secure the routing
WSN, wireless sensor network; SNEP, secure network encryption protocol; RSA, Rivest, Shamir, and Adleman; MAC, message authentication code;
SPINS, security protocols for sensor network; SERP, secure event reporting protocol; SEF, statistical en-route filtering; INSENS, INtrusion-tolerant routing
protocol for wireless SEnsor NetworkS.
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
Trust and reputation systems for wireless sensor networks
with time, his or her reputation would be good, and everybody would trust him or her. The same concept is applied
in TRMs; a node will prefer to interact with a well-reputed
neighboring node. In the context of WSNs, from different
literature resources, one can find various definitions of trust
[32,24], all with the same implications.
In practice, trust is defined as how much a node matches
the expectations of another node. The concept of trust is
especially important in an environment where there is some
degree of uncertainty. In WSNs, the nodes are always at risk
of being compromised by an adversary. The most common
applications of trust in WSNs include, but are not limited
to, malicious node identification, secure routing, secure
cluster head selection, and secure data collection [33].
In contrast to trust, the term reputation may be defined as
the global perception about a node of being trustworthy, or
otherwise, in a network [24]. The reputation is the
collective trust opinion of other nodes about the behavior
of a subject node. In other words, reputation may be understood as the trustworthiness of a node [34]. Repute is the
measure of belief in a node that cannot be physically quantified through discrete values. Moreover, the reputation is used
to perform statistical prediction of a node’s behavior. In
TRMs, the repute is usually represented as Rij—the
reputation of node j is computed by node i. Unlike trust,
the reputation is computed and stored as a probabilistic distribution [6,35–37]. In a network, each sensor node maintains
the repute of neighboring network nodes, in a data structure,
called a reputation table RTi (reputation table for node i) [6].
We will explore different methodologies used for measuring
trust and reputation parameters in Section 3.
2.3. Characteristics of trust
The notions of trust and reputation originated from the field
of social sciences that studies the deportments of human
communities. To better understand, we must know certain
characteristics that the “trust” must have.
• Asymmetry: Trust is unidirectional and asymmetric,
that is, if Person A trusts Person B, then it does not
necessarily imply that B trusts A.
• Subjectivity: Trust is subject to the expectations one
person has from another. The opinion that Person A
holds about Person B depends on two factors: (i) how
well Person B is responding to the queries of Person
A and (ii) how much of extra demanding Person A is.
Assume that a community’s common opinion about
Person B is that Person B is well behaved. However,
it may still be possible that Person A holds quite an
opposite opinion about Person B because of the
former’s more demanding nature. Therefore, Person
A’s trust is subject, probably, to the high expectations
that Person A has from Person B.
• Partial Transitivity: Trust may or may not be transitive. If Person A trusts Person B and Person B trusts
Person C, then it is not necessary that Person A would
trust Person C (and vice versa). This scenario indicates
O. Khalid et al.
that Person A might have quite a different degree of
trust from Person B’s trust assessment of others. To
have trust on the trust assessment of a Person X is also
called the credibility of Person X [38]. Credibility is
an important factor for the establishment of trust in a
system with no central trust management.
• Context Sensitivity: Whenever Person A establishes a
trust opinion about Person B, the opinion also depends
on the context Person A has formed that opinion [24].
For example, Person A might trust Person B in some
task T1. However, Person A may not trust Person B in
tasks T2 and T3. Therefore, the context must also be
considered on the basis of which Person A will hold a
trust rating for Person B.
In Figure 3(a,b), we graphically define the properties
intransitivity and subjectivity, respectively. Figure 3(a) indicates that the transitive relationship cannot hold in the case of
trust, where A and B, and B and C may trust each other but A
and C may not. In Figure 3(b), A has higher trust rating for B
in one task but has lower trust rating for B in another task.
Figure 3(c) gives a summary of the various characteristics
of trust discussed in the preceding paragraphs.
In daily life, we find the applications of trust wherever
decision making is involved. Trust and reputation is
applied in various domains, especially when the entities are
interacting in a network. The network may be a social
network, a simple computer network, or any other advanced
form. Trust has been applied by researchers in various
domains, namely, (i) peer-to-peer (P2P) systems, (ii) grid
computing, (iii) opportunistic computing, (iv) e-commerce,
(v) social networking, and (vi) WSNs. A few proposals on
application of trust in specific areas are indicated in Table II.
In P2P systems, the network consists of distributed
equally privileged peers that may share the disk partitions,
processing resources, and computation workloads (e.g.,
P-Grid, Freenet, Usenet, and Kazaa) [39]. There is no central
authority to regulate security and protection measures among
the peers. Moreover, the peers frequently join and leave the
network. Therefore, the network is vulnerable to various
security threats by malicious peers. Aberer and Despotovic
[40] devised a repute computation technique for P2P
systems. In the technique, repute is computed on the basis
of a peer’s behavior in earlier transactions with other peers.
The probability that a peer may cheat is computed by
applying data mining techniques and statistical data analysis
techniques on an agent’s previous transactions.
In grid computing, a network of loosely coupled
heterogeneous systems is designed by the use of
(middleware) software libraries [41]. The workloads on a
grid are generally noninteractive. Apart from a local infrastructure, a grid may be designed by using computing
resources provided by individuals (volunteers) outside the
organization (e.g., Berkeley Open Infrastructure for Network
Computing). A drawback of such approaches is the fact that
the participating nodes may not be exclusively trustworthy.
Therefore, the designers of the grid system must employ
some security measures, such as the integration of trust and
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
O. Khalid et al.
Trust and reputation systems for wireless sensor networks
Trusts
Trusts 30% in
task X
B
A
B
A
Trusts
May or may
not trust
C
C
Trusts 70% in task X
(b). Subjectivity
(a). Intransitivity
(c). Trust Properties
Figure 3. Various characteristics and attributes of trust.
Table II. Application of trust and reputation in various domains.
Area
E-commerce
Social networking
Peer-to-peer systems
Grid computing
Opportunistic computing
References
[65–71]
[72–75,47,76,77]
[78–83,40]
[84–86,42,87,88]
[44,89–92]
reputation, to identify the nodes producing the false and
misleading results. Papalilo and Freisleben [42] presented a
scheme for applying the trust factor in a grid computing
environment. With simple statistical methods used, the deviations in the participating nodes’ behaviors are computed, and
the malicious nodes are identified.
The opportunistic computing provides an opportunity
for communication and computation by exploring unused
computing resources within a network without any prior
knowledge about the location and capacity of the resources
[43]. An opportunistic network is ubiquitous with intermittently
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
communicating devices cooperating with each other in certain tasks by using middleware services architecture. The
middleware services manage disconnections, heterogeneous
computing resources, delay tolerance, and data services.
It is very important to establish a secure communication in
such an environment where devices do not have a priori
information about each other. Trust establishment is one of
the most challenging areas of opportunistic computing [43].
Vinel et al. [44] have discussed the application of trust on
VANETs. The authors have explored the minimum
communication latency required to guarantee trustworthiness
in VANETs by using parameters such as the number of
vehicles and the number of intruders.
In e-commerce, the applications have a centralized
reputation management system [45]. Most frequent uses of
trust and reputation in e-commerce are found in Web-based
online shopping applications (e.g., Amazon.com). In such
applications, the business is performed on the basis of
trustworthy relationship between the buyer and the seller. If
the seller is coming up to the expectations of the buyer, then
more customers would be attracted towards the business. In
O. Khalid et al.
Trust and reputation systems for wireless sensor networks
some scenarios, an online seller may hire the services of
some well-reputed third party (e.g., PayPal), which the
clients may trust more. Few systems (e.g., eBay and Yahoo
auctions [45]) employ trust-based ranking techniques in
which a seller’s repute is updated (by a buyer) depending
on the quality of service delivered. Therefore, the buyers
would, in general, prefer to participate in bidding by a wellreputed seller.
A social networking site is an online application that
allows people to build social relationships, share ideas, and
join various communities on the basis of similar interests
[46]. Trust and reputation systems have also been applied
in various social networking applications. Skopik et al. [47]
had discussed a model to assign trust and reputation for
virtual communities. The model is based on the repute
calculation for the participants of an online discussion forum
(slashdot.org). When a participant posts some comment, then
different viewers rate the comment positively or negatively
and may post the replies. A reply can be further rated and
commented by other users. Therefore, a chain of comment/
reply threads is formed. The parameters, such as the total
replies and the number of replies with positive ratings, are
used to establish the trust opinions about a participant.
Moreover, the participants that are more frequent in posting
comments are assigned more trust ratings. Data mining techniques are applied to extract relations among more trusted
participants and overall reputation of various participants.
However, there are no natural language processing techniques
applied by the authors to verify the quality of the comment.
In a WSN, the securing of each node is very important. A
malicious overtaking of some node may eventually prove
catastrophic and lead to the collapse of the whole network
at worst, beside the disclosure of some vital network information. Normally, a node misbehaves if the node either is
hacked or becomes resource deficient. Therefore, prior to
securing a network, we must understand the various types
of node misbehaviors that WSNs may usually encounter.
•
•
•
•
•
•
•
•
•
2.4. Types of node misbehaviors
There are two common types of misbehaving nodes:
(i) selfish nodes and (ii) malicious nodes. A node is
called selfish if the node does not cooperate with another
node because of some resource constraint (such as low
battery). A selfish node may have no intention to cause
harm to the system. There is also a possibility that an
adversary reprograms a captured node to act selfishly.
On the contrary, a malicious node has an intention to
cause maximum harm to the system, even at the cost
of node’s own resources [48,17]. The following are some
basic types of node misbehaviors.
• Black hole: The malicious node advertises that the node
has the shortest routes to the destinations. However,
when the malicious node receives a packet, the packet
is dropped.
• Gray hole: The malicious node may selectively forward
packets depending on the packet type. For example, the
•
•
malicious node may participate in routing by forwarding the routing packets. However, the node may not forward active data packets.
Bad-mouth: A few malicious nodes may collude to
propagate false information about a normal node
[49]. Therefore, the trust rating of a well-reputed node
may decrease.
False praising: In false praising or ballot stuffing
attack, in sharp contrast to the bad-mouth attack, the
malicious nodes collude to propagate a false positive
information about another malicious node. This
collusion helps the malicious nodes to maintain better
trust ratings and stay longer in the network.
Routing loop: A captured node may change route
information of the packets that may lead to routing
loops in the network. Too many packets in the
network because of routing loops may cause congestion and denial-of-service problems.
Wormhole: A group of adversaries may collude to
redirect traffic to a slow link that may cause congestion
and increased latency in the network.
Packet injection: A packet may be injected, with falsified
data, such as false source and destination identifiers.
Packet delay: A malicious node may randomly delay
the packets received for forwarding. The random
behavior of a node would keep the trust rating of the
node above a certain threshold. Therefore, the malicious
node may not be detected easily.
Sybil attacks: In such attacks, the node masquerades
its identity to appear as multiple identities to represent
more than one node. Therefore, it is difficult to detect
such a node acting maliciously when the node is
frequently changing its identities.
ID spoofing: An intruder may alternatively spoof the
source ID of the routed packets, leading to the disruption of routing. In such a scenario, it would also be
difficult to locate the intruder node.
Transient behavior: A node may alternate between the
roles of being adversary and well behaving (in an on–
off manner) to keep the repute of the node above a
certain threshold. Therefore, the node may not be
screened out as a malicious node.
Nodes collusion: A node may misbehave with one
group of nodes (cluster) and well behave with another
group. Such node behavior may create an environment of mistrust between the two groups.
Selfishness: Low battery is the most common example of resource constraint a node may experience in
a WSN. A node with low battery may participate in
the route discovery process. However, the node may
decline participation in the packet forwarding, which
renders the node becoming indistinguishable from
the packet-dropping malicious nodes.
Owing to the ongoing research and continued interest, in the
security of WSN, various computationally tractable models have
been proposed for the TRMs [15,10,13,12,6,7,34,50,35,36,51].
Such models require a lower resource consumption to
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
O. Khalid et al.
establish a defense system against various security threats
that have been mentioned in the previous paragraphs. In the
following section, we study the internal components and
the operational details of a TRM.
3. TRUST AND REPUTATION
MONITORING SYSTEM
A system that makes the use of trust and reputation information to calculate the trustworthiness of a node is called a
TRM. Such a system must be able to judge a node’s misbehavior and effectively distinguish between normal operating
and malicious node. In TRMs, the positive and negative
effects of a node’s action are observed. The observations
are aggregated in a specific trust table maintained by the
node. Statistical analysis is performed on the trust table data
to generate the node reputation.
Trust and reputation systems for wireless sensor networks
3.3. Centralized and distributed trust and
reputation monitoring
If trust and reputation are accumulated and stored by a
single entity in the whole network, then the TRM
is called centralized. Examples of such a centralized approach in e-commerce are Yahoo and eBay [45]. Alternatively, in a distributed case, the trust accumulation and
calculation task is distributed over all the participating nodes
[13,12,7,34,36,51].
3.4. Trust computation steps
Typically, a TRM performs the following steps for the
computation of trust:
•
•
•
•
information collection,
information dissemination,
information mapping to trust model, and
decision making [48].
3.1. Bootstrapping
A TRM may be initialized in three ways by considering the
following: (i) each network node as trustworthy, (ii) all nodes
as untrustworthy, and (iii) each node having a neutral trust
rating. The summary of initialization methods discussed in
various literatures is presented in Table III. In each interaction, the trust rating of a node either increases or decreases,
depending on the node’s behavior. The TRM must acquire
and process some information, to be discussed subsequently,
to make the relevant change to a node’s trust rating.
3.2. Observation—firsthand and
secondhand information
In a TRM, the nodes may share two types of information, namely, firsthand and secondhand. Firsthand information is the node’s personal experience through a
direct interaction with the neighboring node. Alternatively, indirect information is provided to the node by
other nodes on the basis of their own experiences with
the subject node. To understand the aforementioned
definition, we assume that there are four nodes, namely,
A, B, C, and D, in the network. The secondhand information node A holds about node B is the information
provided to node A by nodes C and D. Nodes C and
D had the information as a result of some recent direct
interactions they had, with node B. Hence, the secondhand information is the indirect information node A
acquires from other nodes about another node B, with
which node A is going to interact. In practice, most of
the TRMs use both firsthand and secondhand information
in the system [36]. However, some TRMs only apply to the
firsthand information mechanism [52,53]. Still, some TRMs
only utilize the secondhand information [34].
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
3.4.1. Information collection
In this step, the nodes collect the firsthand trust information. When a sensor node transmits a packet, the node
observes the neighboring node through a watchdog mechanism. The watchdog mechanism requires that, after sending
the packet to a neighbor, the node must observe the neighbor
in a promiscuous mode, as illustrated in Figure 4, to verify
whether the neighbor has forwarded or intentionally dropped
the packet [13,12,51]. If the neighboring node forwards the
packet, then trust rating is incremented and updated in the
sender node’s database. On the contrary, if the neighboring
node drops the packet, then trust rating is decremented in
the sender node’s database. In a different network setup with
nodes having directional (instead of omnidirectional)
antennas, the watchdog approach may not be as effective.
This is because a neighbor node may forward the packet in
a direction such that the sender node may not be in the path
of the signal.
3.4.2. Information dissemination
In a TRM, the network nodes disseminate their firsthand
information to the neighboring nodes. Such kind of disseminated information is called secondhand information, as represented in Figure 5. The use of secondhand information is
beneficial, and the reputation buildup process is faster. This
is because the secondhand information establishes a global
view of trust in the network. The nodes disseminate secondhand information either proactively, after some fixed time
intervals, or reactively, on the occurrence of some event or
when there is some substantial change in the network.
A node may share only the positive experiences that it had
with neighbors. However, the TRM may become the target
of ballot stuffing or false praise attacks (Section 2.4). Alternatively, a node may share only the negative experiences that
may expose the system to bad-mouth attacks (e.g., [50]). In
TRM frameworks [34,36], the nodes share both positive
O. Khalid et al.
Trust and reputation systems for wireless sensor networks
and negative experiences. Some reputation frameworks
(e.g., [52]) do not use the secondhand information altogether.
In such systems, the false report attack is avoided. However,
the reputation buildup process may take more time.
Shared information may be local—a node may share the
information only with the next-hop neighbors through multicast [34]. Alternatively, shared information may be global—
each node may share the information with all nodes in the
network. Global information sharing is mostly applied in
MANETs for the uniform distribution of trust [23,17]. Because of the node mobility in MANETs, network topology
changes continuously.
In practice, information dissemination is performed by
piggybacking trust information along with the normal
network traffic. The process may involve adding the payload
of trust information on the reply messages and location
request messages. To maintain secondhand information,
each node stores a local copy of the reputation table. Certain
weighting functions may be applied to the raw information to
mitigate the effect of false report attacks [51,34]. Figure 5
shows an example of information dissemination.
3.4.3. Information mapping to the trust model
During this phase, the network nodes combine the firsthand and secondhand information to generate a trust and
reputation metric. The firsthand information is direct information, and not much computation is required to incorporate
firsthand information into the reputation metric.
In contrast, authenticity of the secondhand information
is dubious, and more processing is needed to parse the
secondhand information into the reputation metric. However,
there must be some way to check the credibility of the reporting node as it might be the case that the adversary node report
falsely about a normal node. To assess the credibility of the
reporting node, various techniques have been proposed in
the literature. One such technique called the deviation test
has been proposed by Yu and Zhen [24] and is represented
by the following inequality:
j E ðBetaða; bÞÞ EðBetaðaF ; bF ÞÞj≥d
(1)
where d is a threshold, the value of which is set heuristically.
In the inequality given in Equation (1), a and b are the two
parameters of the statistical Beta distribution. The Beta
distribution is applied for decision making in a situation
when some kind of risk factor is involved. Here, a and b
define a node’s good and bad behaviors, respectively. The
expectation value E(Beta(a, b)) is the measure of the current
trust information node A has about node B, whereas E(Beta
(aF, bF)) refers to the new trust information provided by
some node C to the node A (about node B). The reporting
node C would be considered trustworthy if and only if the
left-hand side of inequality (1) produces a value that is less
than threshold d.
Various TRMs use a variety of statistical models to
evaluate the correctness of the secondhand information,
depending on the application and security requirements.
The most commonly used approach is the Beta distribution
[50,36] whose probability density function is expressed
using the Gamma function as
PðxÞ ¼ Betaða; bÞ
Γða þ bÞ a1
x ð1 xÞb1 ; 80≤x≤1; a≥0; b≥0
ΓðaÞΓðbÞ
(2)
where a denotes the good behavior and b represents the bad
behavior of a node. Equation (2) presents another way of
measuring the consistency of data by a reporting node. As
an example, let us suppose a node B provides the trust information to node A for p + q times. If information is consistent
for p times, then P(x) is represented as the probability that
the information would be consistent in the next observation.
If P(x) results in 1, then the reported information is consistent
and authentic; otherwise, the information is considered as
unauthentic information. The other statistical distributions
that are used in practice are Poisson, binomial, and Gaussian
distributions.
Another important aspect in the evaluation of trust is how
much weight factor must be assigned to the recently collected
trust information and the information collected in past. Some
frameworks may assign more weight to the trust information
collected in the past (e.g., [51]). In the scheme defined in
[51], the authors reported that a node may not receive severe
punishment if the misbehavior is for brief intervals of times.
Such node misbehaviors may occur because of temporary
link failures or some other resource constraints. The
drawback with the past information collection approach is
that, if some malicious node settles itself in the network
and stays undetected for a while, then it may not be easy to
identify such a node because of shorter misbehaviors
performed by the malicious node.
In contrast, some frameworks assign more weight to the
recently reported trust information [36]. This may require
the nodes to continuously contribute to the network traffic
for their survival. In such systems, the node reputation
decrements automatically after a specific interval of time.
Therefore, problems may occur at times when there is low
network activity. In [34], beacon nodes are used to generate
traffic in low network activity areas. The technique prevents
the node reputation from falling below a certain threshold,
whenever there is low network activity.
¼
3.4.4. Decision making
The final step involves the decision-making process. The
decision is based on the precompiled trust values. A decision
may be one of the two binary values, where a “1” means to
cooperate and forward the packet and a “0” means not to
cooperate. Figure 6 graphically illustrates the decisionmaking process.
Another aspect that may affect the decision-making
process is the functional reputation of the node. For example,
two nodes A and B are exchanging data in a specific application App, such that the application is hosted on node A.
Assume that App is running two services S1 and S2. Service
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
O. Khalid et al.
S1 requires more resources compared with S2. Now, there is a
possibility that, after some time, because of resource
constraints, node A may cease to cooperate with node B for
service S1. However, node A may resume cooperation with
node B for service S2. This implies that node B may have
different trust ratings (functional reputations) for node A for
the two services S1 and S2. In practice, the functional reputation is implemented by assigning trust rating for each service
that a node is sharing with another node.
4. STATE OF THE ART TRMs
For many years, there has been an ongoing research in the
design of “nature-inspired” protocols, and as a result, considerable achievements in the improvement of communications
and resource conservations in various domains of computer
networks have been observed. The application of trust in
computer networks is also based on such inspiration.
Security researchers develop trust and reputation-based
models by leveraging results from other areas including
mathematics, statistics, social sciences, and computer
sciences. In this section, we discuss some of the existing
TRMs along with their features and operations in detail.
4.1. Collaborative reputation
mechanism [51]
Collaborative reputation mechanism (CORE) is a distributed trust model, in which reputation is calculated from
the firsthand and secondhand information. Each node
within the system maintains a trust table that holds the
positive or negative repute for other nodes. During the
network initialization, the route discovery is performed
using dynamic source routing [54], and the nodes are
assigned a neutral trust value. After sending a packet forwarding request, each node operates in a watchdog
promiscuous mode to collect the direct trust value of the
neighboring node. If the neighboring node responds positively, then the sender increments the positive trust value
for the recipient; otherwise, the node decrements the trust
rating. The indirect reputation of a node is collected by
sending a request to the neighboring nodes and receiving
the corresponding replies. To counter the bad-mouth
attack, a node can only send positive information about
other nodes. The nodes also compute the functional reputation that determines the trustworthiness of a neighboring
node by utilizing specific functional parameters, such
as routing and packet forwarding. Different weights may
be assigned to different functions, depending on the
application requirements. Finally, the total trust value of
a node is computed by combining direct, indirect, and
functional trust information. If the total trust computed by
node A for node B is positive, then, and only then, will
node A consider node B trustworthy. To survive within
the network, a node must continuously contribute to
network traffic. This is because, after a certain interval of
time, the trust values of nodes decrement to prevent the
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
Trust and reputation systems for wireless sensor networks
existence of selfishness within the network. CORE gives
more weightage to past observations than the recent interactions. Therefore, if a node fails because of temporary
network problem, then this will not cause a major change
in the node’s overall reputation. However, if a node continuously misbehaves, then the trust rating will decrease until
becoming negative whereby the node will be considered
malicious. The implementation of the functional reputation
by CORE has another advantage. A node may behave
selfishly for a specific task that requires more memory
and high battery power. However, the same node may
behave well for another task with low computational
requirements. Therefore, nodes with scarce resources are
not excluded from the network and keep on interacting
for tasks with lower resource demands.
4.2. Task-based trust for sensor
networks [6]
In this technique, the authors further enhanced the framework proposed by Boukerche and Li [55]. Boukerche and
Li suggested that when an intruder node is detected, then
the intruder is blocked by all of the neighbors, regardless of
the specific task in which the intruder node was misbehaving.
In task-based trust for sensor networks, a node maintains the
task-based trust value of the neighboring nodes. For example, when node A communicates with node B, then node A
may perform well in some tasks (e.g., time synchronization
with node B). However, node A may misbehave in other
tasks (e.g., packet forwarding to node B). Therefore, node
B may only block the packet forwarding task for node A.
As a result, the trust ratings are decreased only for a specific
task. The trust metric is computed by using Bayesian
theorem and Beta distribution because of low processing
capabilities of sensor nodes.
4.3. Lightweight secure trust-based
localization [10]
Pandarinath et al. [10] presented a mechanism to detect
those malicious nodes that may tamper with the location
information of nodes. Each sensor node maintains the
history and normalized count of the nodes traversed by the
packets within the network. A history of most frequently
used paths between the sender and receiver nodes is also
maintained. When a new packet arrives at the receiver, the
receiving node compares the path traversed by the packet
with a predicted path. A large deviation value of the path
indicates the suspected presence of some malicious node.
In contrast, if the packet arrives through the expected path,
the trust counter value (for the source node) is incremented
in the receiver’s trust table.
In the aforementioned scheme, whenever a node needs to
communicate, the node sends the route request packet to the
destination. The route request packet contains the source ID,
destination ID, source location, and message authentication
code (MAC). The MAC value is computed on the basis of
a secret key K, shared between the source and destination
Nodes are assigned neutral
trust rating.
Nodes are assigned neutral
trust rating.
ATSR [13]
DETM [7]
Nodes are initialized with
positive trust rating.
A neutral reputation value
is assigned to newcomer
nodes. Frequency of
interaction among nodes is
assumed to be high.
New nodes are assigned low
reputation value. Nodes have
CONFIDANT
[50]
RRS [35]
RFSN [36]
Each node is assigned
a neutral trust rating.
iTrust [12]
LSTL [10]
TTSN [6]
New nodes are assigned
neutral trust value. Frequent
contributions by nodes are
required.
New nodes are assigned a
neutral trust value. Taskbased node cooperation is
observed.
All nodes are assigned neutral
trust rating.
Network initialization
CORE [51]
Ref
Firsthand and secondhand
experiences are used
Both firsthand and
secondhand information
are used.
This is an event-triggered
repute update process.
Firsthand and secondhand
information is used.
Firsthand and secondhand
information are used.
Watchdog mechanism
is used.
Firsthand and secondhand
trust information are
maintained. Watchdog
mechanism is used.
The path traversed by a
packet from source to
destination is observed.
Periodic requests are
sent for firsthand and
secondhand information
collection.
Firsthand and secondhand
trusts are used. Watchdog
mechanism is used to
collect direct trust.
Only Firsthand information
is used.
Observation
Only positive information
is shared to prevent bad-
Beta distribution is applied.
False praise
attacks are avoided.
Various metrics such as
throughput, goodput,
and dropped packets are
considered for trust
computation.
Beta distribution is applied.
More weight is assigned
to the past information
and direct observation.
Only negative information
is shared.
More weight assigned to
the recent information.
Both positive and negative are
shared by the nodes.
(Continues)
Higher weight is assigned to
secondhand information
Both false praise and
bad-mouth attacks are avoided.
False repute attacks.
Bad-mouth and ballot
stuffing attacks
Gaussian distribution
is used.
Weighted trust computation
is used.
Routing attacks, gray hole
attacks, black hole attack,
bad-mouth attack, network
analysis attack
A weighted sum of energy
and distance metric is
calculated to compute trust.
More weight is assigned
to the distance metric,
where distance is
minimum between
two nodes.
More weight is assigned
to the energy metric.
Not addressed.
Localization attacks
Bad-mouthing and ballot
stuffing attacks
Beta distribution is applied.
Distance estimation
techniques are used.
Bad-mouth attacks
Security attack prevention
A weighted mean is
calculated for the
observation’s rating factor.
Trust computation
More weights are assigned
to the past information.
More weights are assigned
to the past observations.
Functional reputation
is used.
More weights are
assigned to the
recent observations.
Weight assignment
Table III. A taxonomy of comparison and features of commonly used TRMs for WSNs.
Trust and reputation systems for wireless sensor networks
O. Khalid et al.
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
Neutral reputation value is
assigned to newcomer
nodes. High frequency of
interaction
between nodes is required.
Neutral reputation value is
assigned to newcomer
nodes.
Qin et al. [94]
An adaptive forget
factor is used.
More weight is assigned
to the past observation.
More weight is given to
the recent information.
Only firsthand observations
are used.
Both firsthand and second
information are used.
Beta distribution is applied.
Beta distribution is applied.
Ranking-based and weightbased computations are used.
Not addressed.
Assuming the agents evaluating
the reputation of the nodes are
from the trusted third party, they
would not engage in badmouthing or ballot stuffing
attacks.
Not addressed.
A deviation test is used to prevent
bad-mouth and ballot-stuffing
attacks.
Beta distribution is used for
decision making.
Not addressed.
Security attack prevention
from a well-reputed node to
prevent ballot stuffing attack.
Trust computation
mouth attack. Functional
Reputation is used.
Weight assignment
Only firsthand observations
are used.
to generate trust rating.
Watchdog mechanism is used
to collect direct trust.
Both firsthand and
secondhand information
are used.
Observation
works; DRBTS, distributed reputation-based beacon trust system; ATSN, agent-based trust model for wireless sensor networks; PTM, pervasive trust management.
sensor routing; DETM, distributed event-triggered trust management; CONFIDANT, cooperation of nodes—fairness in dynamic ad hoc networks; RRS, robust reputation system; RFSN, reputation framework for sensor net-
TRM, trust and reputation monitoring; WSN, wireless sensor network; CORE, collaborative reputation mechanism; TTSN, task-based trust for sensor nodes; LSTL, lightweight secure trust-based localization; ATSR, ambient trust
PTM [37]
ATSN [93]
New nodes are assigned
neutral reputation value.
Nodes have to
frequently interact to hold
good trust rating. Beacon
nodes are used to establish
trust.
Neutral reputation value is
assigned to newcomer
nodes. High frequency of
interaction between nodes is
required.
to frequently interact to
hold good trust rating.
Network initialization
DRBTS [57]
Ref
Table III. (Continued)
O. Khalid et al.
Trust and reputation systems for wireless sensor networks
O. Khalid et al.
Trust and reputation systems for wireless sensor networks
A
A
B
B
B
Figure 4. Description of promiscuous mode. Node A transmits a packet and observes node B in promiscuous mode. When node B
forwards the packet, a copy of packet is also received by node A that verify the packet contents and then updates the trust rating
for node B.
Node A does not know the repute of node B
A
B
C replies A with
repute of B
Node A requests
node C about
repute of node B
Good relation
between B and C
C
Good relation between A and C
Figure 5. Secondhand trust information dissemination.
Firsthand
Information
Raw trust
information
Trust
Evaluation
Decision
Secondhand
Information
Weights
Figure 6. Trust computation process. The weights are applied to set the trust thresholds.
nodes. The intermediate nodes, on receiving the message,
extract path information from the packet (the IDs of nodes
traversed by packet) and store path information into the database. The intermediate node then appends the message with
the node’s own ID and new MAC value and forwards the
packet. In this manner, the hop-to-hop security is implemented. If the route traversed by the packet is within a certain
threshold value of distance, then and only then the destination node will send a route reply message.
4.4. Ambient trust sensor routing [13]
The ambient trust sensor routing (ATSR) framework
presents a distributed trust management system for the secure
routing of packets among sensor nodes. Each node, within
the network, periodically broadcasts beacon messages to
announce the node ID and the energy of the node. Another
periodic multicast message by the node is the reputation
request message that is sent directly to the neighboring nodes
for the collection of indirect trust (reputation) information.
The neighbors respond with a unicast reputation reply. Each
node maintains some trust metrics to evaluate the
neighboring nodes, namely, (i) forwarding, (ii) remaining energy, and (iii) distance. The forwarding metric is equal to the
total received packets divided by the total forwarded packets
and indicates whether the neighboring node is forwarding the
packet sent by the source node. After sending the packet to a
neighbor, the node enters into the promiscuous mode to
observe whether the neighbor has forwarded the packet or
not. With the use of the aforementioned procedure, the credibility of the neighbor is judged for the forwarding metric.
A node combines the direct and indirect trust values to
calculate total trust information. In addition, each node
computes a distance metric with one-hop neighbor nodes
whose value is maximum for the closest neighbor. The
packet is forwarded for routing to the neighbor nodes having
the maximum value of combined trust and distance metric.
Node A can detect a bad-mouth attack by comparing the
reputation response received from node C about node B.
The previous trust value is stored in node A’s reputation table
(direct and combined indirect trust values). If there is a
significant difference between the stored and reported trust
values (by node C), then node C is considered as a vicious
node performing bad-mouth attack.
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
O. Khalid et al.
The ATSR technique behaves in a similar manner to the
nontrust location-based greedy perimeter stateless routing
(GPSR) protocol [56], provided that there are no malicious
nodes within the network. GPSR selects the closest node to
forward packets. The simulation comparison between ATSR
and GPSR protocols demonstrate that with the increase
in malicious nodes within the network, the packet loss in
GPSR significantly increases. However, when comparing
the packet latency, ATSR has more delays compared with
GPSR due to the alternate route selection process due to
the presence of malicious node in neighborhood.
Energy conservation in ATSR is achieved by considering
the energy metric of the next-hop node before forwarding the
packet towards the node. In this manner, during an established session, the data flow may change routes multiple
times to achieve proper load balancing. The technique has
the additional advantage of preventing the network traffic
analysis attack. The emulation results for ATSR illustrate
that, for the implementation of indirect trust mechanism,
the memory requirements may also increase. Moreover, the
nodes’ mobility may increase packet loss. Therefore, if the
node mobility is higher, then the trust buildup will also take
more time within the network.
4.5. Distributed event-triggered trust
management [7]
Liu et al. [7] suggested a model in which each network node
has a set of modules to parse and store trust-related information for the neighboring nodes. A network node maintains a
set of information parameters that consists of (i) a public key
(shared among neighbors), (ii) reputation, (iii) remaining
energy, and (iv) network paths. A Gaussian distribution is
applied for the trust computation. To conserve energy, the
repute update process of the system is event triggered,
instead of relying on periodic broadcasts. A node’s decision
to cooperate with another node depends on the combined
trust (firsthand and secondhand) information as well as the
remaining energy of the node.
The distributed event-triggered trust management model
works in the following manner. If a node A needs to communicate with node B, then node A inquires about the reputation
information of node B by sending a broadcast message to
neighboring nodes C, D, and E. Suppose node C has the
required information available, node C will encrypt the
information using node A’s public key and will send the message back to node A as a unicast transmission. However,
there might be a possibility that node C is a malicious node
that has the public key of node A. Therefore, node A first
checks the credibility of node C by looking into the trust table. If there is no entry for node C, then node A discards the
message sent by node C. The other information that may
accompany node B’s trust information is the remaining
energy of node B. Using the aforementioned procedure, node
A receives the (node B’s) trust and remaining energy information from nodes D and E. Node A parses the acquired
trust information into a computational metric and applies
some weights (e.g., remaining energy of node B) to the
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
Trust and reputation systems for wireless sensor networks
information. The information is then passed to a Gaussian
distribution to extract the final trust value. If the resulting
value is above a certain threshold, then and only then node
A makes the decision of forwarding packet towards node B.
Packets may reach node B via nodes C, D or E depending
on which one of the nodes has the maximum remaining
energy.
4.6. Integrated trust framework (iTrust) [12]
The iTrust model is proposed as a distributed trust model.
The model categorizes the network nodes in two types,
namely, (i) monitor nodes and (ii) sensor nodes. The monitor
nodes are responsible for the accumulation of the trust information. A monitor node stores and computes the reputation
of all of the sensor nodes in the vicinity. Initially, each sensor
node within the network is assigned a neutral trust rating. A
learning phase is performed during which the monitor nodes
collect information for various parameters from the neighbor
nodes by acting promiscuously. The monitor nodes calculate
trust values for specific parameters and update the trust
tables. At the end of the learning phase, the monitor nodes
publish and share trust tables with neighbor nodes.
When a sensor node A needs to communicate with node
B, node A requests the monitor node for the repute of node
B. Node A then parses the repute of node B into a trust metric
to obtain the final trust value and initiates communication
with B only if the trust value of B is above a certain threshold.
There is a possibility that a monitor node becomes compromised by some adversary and begins to act as a malicious
node. Therefore, a compromised monitor node may perform
the false repute reporting attacks. In the iTrust framework,
the aforementioned problem is handled by the use of firsthand information within the system. If a monitor node
continuously misbehaves, then the reputation of the monitor
node would gradually decrease, and eventually, the monitor
node would be declared as a malicious node by other sensor
nodes.
4.7. CONFIDANT framework [50]
The distributed trust nature of “Cooperation of Nodes—
Fairness in Dynamic Ad hoc NeTworks” (CONFIDANT)
allows each node in the network to maintain both firsthand
and secondhand trust information about the neighboring
nodes. For network routing, the dynamic source routing
protocol is implemented. After sending the packet to a neighbor, each node in the network enters in a promiscuous mode
to detect the behavior of the neighboring node. Each node in
CONFIDANT scheme consists of four major components,
namely, (i) Monitor, (ii) Trust Manager, (iii) Reputation
System, and (iv) Path Manager. Using the Monitor, when a
node transmits a packet, the node keeps a copy of the original
packet and passively monitors the packet retransmission by
the neighbor to detect any change in the packet content.
Any modification in the packet content is reported to the
Reputation System with an alarm sent to the Trust Manager.
The Reputation System maintains a table that holds node
O. Khalid et al.
Trust and reputation systems for wireless sensor networks
entries and nodes’ trust ratings. The trust rating for a node
changes only when there is a significant number of
misbehaviors (as per threshold) performed by the node.
Therefore, a node is not penalized for momentary misbehavior (e.g., link failure).
The Path Manager component of the node serves as a
decision maker. The Path Manager deletes the paths to the
malicious nodes by analyzing the trust rankings and denies
the requests for path by any adversary node. In CONFIDANT, when a malicious node is excluded from network,
then the node may reenter the system after a certain timeout.
Therefore, the malicious node may acquire further chances to
attack. However, when the repeated attempts to reenter and
attack reaches a certain threshold, then the malicious node
is permanently expelled from the network.
In the system, different weights are also assigned to the
accumulated trust ratings. A node’s direct observation
about a neighbor is assigned a higher weight as compared
with the indirect trust information. For the information
dissemination, the nodes share only the bad experiences.
Therefore, the indirect trust information is only the negative information shared between the nodes. However, the
major disadvantage of this approach is that a node may
easily become the target of the bad-mouth attack. If the
nodes collude to perform bad-mouth attacks, then the
whole network may be under threat. There is also an
advantage of sharing only the negative information. The
nodes may never come under the false praise attack that
may help the malicious nodes to act in unison to increase
each other’s survival time in network.
4.8. Robust reputation system [35]
Robust reputation system is an improved version of
CONFIDANT, presented by the same authors (Buchegger
et al.). In the proposed scheme, the authors have included
both positive and negative reputation values to avoid false
praise and bad-mouth attacks. For the computation of
repute, Bayesian framework is used along with the Beta
distribution. Whenever a node receives secondhand information, the latter is subjected to a deviation test, the success
of which indicates authenticity of the information. In the
robust reputation system, more weight is assigned to the
recent experience, unlike CORE [51] in which more weight
is given to past experience to preclude a malicious node
from staying longer in the network because a malicious
node may initially behave positively but may start to
misbehave after the establishment of repute. Therefore,
more weight to recent observations would produce more
correct results in predicting node’s behavior.
4.9. Reputation framework for sensor
networks [36]
Ganeriwal and Srivastava [36] proposed reputation framework for sensor networks (RFSN) as a distributed and
symmetric trust framework for the WSNs. The nodes within
RFSN framework share both firsthand and secondhand trust
information. The other reputation metric a node may maintain is the functional reputation. In RFSN, the nodes share
only the positive trust information. A weight factor is applied
to the secondhand information. A higher weight factor will
be applied to the secondhand information received from a
well-reputed node. The trust computation is performed in
RFSN by using the Beta distribution. In the proposed
framework, RAB is the reputation information node A computes about node B. Moreover, nodes A and B have a total
number of a + b interactions, where a and b are positive
and negative interactions, respectively. The reputation of
node B computed by node A is given by the following:
new
RAB ¼ Beta anew
(3)
B þ 1; bB þ 1
anew
(4)
B ¼ wage aB þ a
bBnew ¼ wage aB þ b
(5)
where wage is the aging factor. The value of wage is proportional to the duration of stay of node B. In Equation (4),
anew
(the chance that node B has good repute) is computed
B
by multiplying the weight wage with the positive behaviors
aB of node B and then adding up with positive outcomes a
of recent interactions that node B performed with A. In the
same way, bnew
B is computed using Equation (5). The decision
that a node must cooperate is a binary value 1.
4.10. Distributed reputation-based beacon
trust system trust framework [57]
In a WSN, it is important for the nodes to transmit accurate
location information. A compromised sensor node may propagate incorrect coordinates to keep itself undetected. Therefore, the application of trust in secure localization of nodes is
imperative. In the distributed reputation-based beacon trust
system framework, Srinivasan et al. [57] proposed a distributed trust model for secure localization of nodes within a
WSN. The model consists of two major components, namely,
(i) the beacon nodes and (ii) the sensor nodes. Beacon nodes
have pre-identified locations, whereas the location of a sensor
node is computed using a mathematical triangulation method.
In triangulation, a sensor node broadcasts the location request
and enters into a promiscuous mode. On receiving the location
request message, the beacon nodes reply with the coordinates
at which the beacon nodes are located. When the aforementioned coordinate’s information is received by the sensor node,
the node verifies the information authenticity. The verification
process involves a deviation test in which the sensor node
compares new information with the pre-stored location
information (of the beacon nodes). A low deviation verifies
the information authenticity and the node correctly computes
the coordinates. The distributed reputation-based beacon trust
system model is distributed and each beacon node shares the
location information with the neighboring beacon nodes.
Whenever a beacon node replies to a location request, the
neighboring beacon nodes also increase the trust rating for
the subject beacon node.
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
O. Khalid et al.
4.11. Agent-based trust and reputation
monitoring scheme [32]
In the agent-based trust and reputation monitoring framework, Boukerch et al. [32] applied trust and reputation to a
clustered WSN. In the system, each node is installed with a
software component, known as mobile agent, that is responsible for the computation of trust. Whenever two nodes need
to interact, the mobile agents on the respective nodes perform
a one-to-one communication to exchange reputation information. To understand the procedure, suppose a requestor
node A needs to interact with a provider node B for some
service. The mobile agent on node A queries the reputation
information from the mobile agent on node B. If the reputation of node B is acceptable for node A, then and only then
node A interacts with node B. After a certain interaction,
node A generates a trust rating for node B that may depend
on the quality of service provided by node B to node A.
The mobile agent on node A forwards the trust rating to the
corresponding mobile agent on node B, where the new
reputation is updated. Therefore, with an agent-to-agent
direct interaction implemented, there is no need to flood the
network with broadcast reputation request messages. However, the authors did not comment on how various security
attacks must be countered, when any of the requestor or the
provider nodes are compromised by an adversary.
5. TAXONOMY OF TRMs
In Table III, the taxonomy of various trust models is
presented. The comparisons are made on certain parameters
such as (i) network initialization, (ii) type of observation,
(iii) weight assignment to trust information, (iv) trust computation approach, and (v) the type of security attacks that are
addressed by the TRM. From the comparisons, we note that
most of the frameworks imply neutral trust rating for the
newly deployed nodes in the network. Moreover, in most
of the presented models, both firsthand and secondhand
information are used in the reputation calculation. In the most
recent models, the recently observed information is given
greater weightage as compared to the past information. The
comparison provides a quick reference to the current trends
in the research and design of various TRMs. In Table IV,
some common strengths and weaknesses for a few selected
TRMs are discussed.
Trust and reputation systems for wireless sensor networks
research in the field of TRMs, which are discussed in the
subsequent paragraphs.
• One of the significant issues in TRMs is the bootstrapping problem. Bootstrapping is the time a TRM may
require for the trust buildup in the network. In practice,
the nodes in a WSN are deployed with some initial
security measures, such as predeployment and key
distributions [58]. However, it may still take some time
to establish a global trust view of the network. This delay
may not be acceptable for time-critical applications.
• In a few TRMs (e.g., [51]), to survive in the network, a
node must continuously contribute to the network
traffic. Nodes in the low activity areas of a network
may suffer because of their gradual decrease in reputation. Therefore, a mechanism must be devised to keep
the repute above a threshold in such low activity areas.
• In most of the trust models, a node calculates the direct
trust through promiscuous learning mode. However,
when directional antennas are used, the technique
becomes difficult to implement. Similarly, noise may
be another factor that can cause hindrances to watchdog
mechanisms.
• In mobile WSNs, because of the mobility of nodes, the
trust information cannot be symmetric. Therefore,
WSNs are further exposed to security threats, because
of the frequent change of neighbors. Some mobile
nodes with greater resources (acting as beacon nodes)
must be dedicated to hold the security and reputation
information for the rest of the nodes. Therefore, a
choreographic mobility pattern may also be required
by the beacons for the uniform distribution of the trust
information.
• The implementation of trust, in a WSN, may require
additional data structures and resources on each node.
Scalability is one of major challenges for a TRM, and
most of the literature works have not discussed this
issue. Most of the TRMs that we discussed in this
survey use a flooding approach for trust information
dissemination, and this may lead to high traffic over
the network. With the addition of more nodes in the
network, the performance may further degrade. Therefore, the real implementation of trust and reputation on
a WSN with large number of nodes may be a challenging task and requires further research in balancing the
trust benefits and communication overheads.
6. FUTURE DIRECTIONS
7. CONCLUSIONS
Although there is much research work conducted in application of trust and reputation in various network domains,
the task is still in evolutionary phases in the case of WSNs,
where node security is the biggest challenge because of
low resources of node. Every proposed TRM has some
limitations and covers only a subset of various issues and
challenges in providing complete security to a WSN. In
this survey, we identified some of the hot issues for
Trust is an important tool for self-configuring and autonomous systems, such as WSNs, to make effective decisions
in detecting a misbehaving node. The task of establishing
trust and reputation becomes more challenging when the
nodes are mobile. In this survey, we presented an in-depth
description of trust and reputation to use as a basis for
understanding of the functionality of TRMs. We defined
various cryptography techniques and illustrated the reasons
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
The localization attacks in which a malicious node
provides false information about its location are prevented.
The packet drop rate in GPSR due to malicious
nodes in the network is decreased. The network
throughput is increased.
Event-triggered repute update process is introduced to
save the nodes energy, which is consumed more in
the case of periodic repute update.
There is improvement in the routing protocol
DSR to cope with the malicious nodes in
the network.
LSTL [10]
As secondhand information, the negative information (experiences) is only
shared by the nodes. The disadvantage of this approach is that a node may
easily become the target of the bad-mouth attack.
The system uses public key cryptography. This may decrease the overall
throughput in a large network because of high computations required by the nodes.
The system requires frequent contribution by nodes in network traffic.
The nodes in areas with low traffic will have a gradual decrease in trust rating,
until the trust rating may reach zero.
The trust buildup process at whole network level is slow because only firsthand
information is used. More weights are assigned to the recent observations
and due which a node receives severe punishment for a temporary misbehavior, for
example, link problem.
Each node has to maintain the information of the complete path traversed by
the packet. This can cause overload on memory, in a memory-constrained sensor node.
Periodic requests are sent for firsthand and secondhand information collection
that may cause the high volume of traffic over the network.
Weaknesses
distributed event-triggered trust management; CONFIDANT, cooperation of nodes—fairness in dynamic ad hoc networks; GPSR, greedy perimeter stateless routing; DSR, dynamic source routing.
TRM, trust and reputation monitoring; CORE, collaborative reputation mechanism; TTSN, task-based trust for sensor networks; LSTL, lightweight secure trust-based localization; ATSR, ambient trust sensor routing; DETM,
CONFIDANT [50]
DETM [7]
ATSR [13]
TTSN [6]
Because both firsthand and secondhand information
is shared, the system has defense against false praise
attacks and bad-mouth attacks.
The system provides more granularities by observing a
node’s misbehavior in a specific task, rather
than blocking all communications with the node.
Strengths
CORE [51]
Ref
Table IV. A comparison of strengths and weaknesses for a few selected TRMs.
Trust and reputation systems for wireless sensor networks
O. Khalid et al.
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
O. Khalid et al.
why just cryptography is not sufficient to provide complete
security for WSNs. The survey discussed in detail the
characteristics of trust and the different types of misbehaviors
the nodes may perform in a WSN so that a carefully designed
TRM system must tackle all the security challenges. The trust
computation steps and the reputation model buildup processes are illustrated with thorough details. An overview of
state of the art of modern TRM systems in WSN is presented,
and the survey is concluded with a concise comparison table
for selected TRMs over various parameters and another
tabular presentation of some strengths and weaknesses for
the selected models.
ACKNOWLEDGEMENTS
The authors thank Kashif Bilal and Saif Malik for
their valuable comments and feedback in this survey.
Samee U. Khan’s work was partly supported by the Young
International Scientist Fellowship of the Chinese Academy
of Sciences, (Grant No. 2011Y2GA01).
REFERENCES
1. Khan AR, Madani SA, Hayat K, Khan SU. Clusteringbased power controlled routing for mobile wireless
sensor networks. International Journal of Communication Systems 2012; 25(4):529–542.
2. Yick J, Mukherjee B, Ghosal D. Wireless sensor network
survey. Computer Networks: The International Journal of
Computer and Telecommunications Networking, Elsevier
2008; 52(12):2292–2330.
3. Akyildiz IF, Su W, Sankarasubramaniam Y, Cayirci E.
A survey on sensor networks. IEEE Communications
Magazine 2002; 40(8):104–112.
4. Khan SU. Approximate optimal sensor placements in
grid sensor fields. 65th Semi-annual IEEE Vehicular
Technology Conference (VTC), Dublin, Ireland, April
2007; 248–251.
5. Srinivasan A, Li F, Wu J. A novel CDS-based reputation
monitoring system for wireless sensor networks. 28th
International Conference on Distributed Computing
Systems (ICDCS ’08) Workshop, 2008.
6. Chen H. Task-based trust management for wireless
sensor networks. International Journal of Security
and its Applications 2009; 3(2):21–26.
7. Liu S, Pang L, Pei Q, Ma H, Peng Q. Distributed eventtriggered trust management for wireless sensor networks.
Fifth International Conference on Information Assurance
and Security, 2009.
8. Arenas AE, Aziz B, Silaghi GC. Reputation management in collaborative computing systems. Security and
Communication Networks 2010; 3(6):546–564.
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
Trust and reputation systems for wireless sensor networks
9. Bistarelli S, Foley SN, O’Sullivan B, Santini F. Semiringbased frameworks for trust propagation in small-world
networks and coalition formation criteria. Security and
Communication Networks 2010; 3(6):595–610.
10. Pandarinath P, Shashi M, Rao A. A lightweight secure
trust-based localization scheme for wireless sensor
networks. International Journal of Computer Science
and Information Security (IJCSIS) 2010; 8(3).
11. Balfe S, Yau P, Paterson KG. A guide to trust in mobile
ad hoc networks. Security and Communication Networks
2010; 3(6):503–516.
12. Yadav K, Srinivasan A. iTrust: an integrated trust
framework for wireless sensor networks. 25th ACM Symposium on Applied Computing (SAC’10), Switzerland,
March 22–26, 2010.
13. Zahariadis T, Leligou H, Karkazis P, et al. Design and
implementation of a trust-aware routing protocol for
large WSNs. International Journal of Network Security
and Its Applications (IJNSA) 2010; 2(3):52–68.
14. Glynos D, Argyroudis P, Douligeris C. Collaborative
service evaluation with the TwoHop trust framework.
Security and Communication Networks. DOI: 10.1002/
sec.355, Article first published online: 29 July, 2011.
15. Mana M, Feham M, Bensaber BA. Trust key management scheme for wireless body area networks. International Journal of Network Security 2011; 12(2):71–79.
16. Ren Y, Li M, Sakurai K. FineTrust: a fine-grained trust
model for peer-to-peer networks. Security and Communication Networks 2011; 4(1):61–69.
17. Cho J, Chen I, Swami A. A Survey on trust management for mobile ad hoc networks. IEEE Communications Surveys and Tutorials 2010; 13(4):562–583.
18. Govindan K, Mohapatra P. Trust computations and
trust dynamics in mobile adhoc networks: a survey.
IEEE Communications Surveys and Tutorials 2011;
99:1–20.
19. El-Hajj W, Safa H, Guizani M. Survey of security issues
in cognitive radio networks. Journal of Internet Technology 2011; 12(2):181–198.
20. Lopez J, Roman R, Agudo I, Fernandez-Gago C. Trust
management systems for wireless sensor networks:
best practices. Computer Communications 2010;
33(9):1086–1093.
21. Esch J. A Survey of trust and reputation management
systems in wireless communications. Proceedings of
the IEEE 2010; 98(10):1755–1772.
22. Momani M, Challa S. Survey of trust models in different
network domains. International Journal of Ad hoc Sensor
and Ubiquitous Computing (IJASUC) 2010; 1(3):1–19.
23. Ramana KS, Chari A, Kasiviswanth N. A survey on trust
management for mobile ad hoc networks. International
Journal of Network Security and Its Applications
(IJNSA) 2010; 13(4): 562–583.
Trust and reputation systems for wireless sensor networks
24. Yu H, Shen Z. A survey of trust and reputation
management systems in wireless communications.
Proceedings of the IEEE, School of Computer Engineering, Nanyang Technology University, Singapore 2010;
98(10):1755–1772.
25. Srinivasan A, Wu J. A survey on secure localization in
wireless sensor networks. In Encyclopedia of Wireless
and Mobile Communications, Furht B (ed). CRC
Press, Taylor and Francis Group: Florida, USA, 2007.
26. Fernandez-Gago C, Roman R, Lopez J. A survey on
the applicability of trust management systems for wireless sensor networks. 3rd International Workshop on
Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU’07), 2007; 25–30.
27. Forouzan BA. Data Communications and Networking
(4th edn). McGraw-Hill: New York, USA, 2007.
28. Rivest R, Shamir A, Adleman L. a method for obtaining digital signatures and public-key cryptosystems.
Communications of the ACM 1978; 21(2):120–126.
29. Dutertre B, Cheung S, Levy J. Lightweight key management in wireless sensor networks by leveraging initial trust. System Design Laboratory SRI International
Technical Report, 2004; 1–18.
30. Xiao Y, Rayi VK, Sun B, Du X, Hu F, Galloway M. A
survey of key management schemes in wireless
sensor networks. Computer Communications 2007;
30(11–12):2314–2341.
31. Zhou L, Chao H. Multimedia traffic security
architecture for internet of things. IEEE Network
2011; 25(3):29–34.
32. Boukerch A, Xu L, El-Khatib K. Trust-based security for
wireless ad-hoc and sensor networks. Computer Communications- Elsevier 2007; 30(11–12):2413–2427.
33. Yang L, Mu D, Cai X. Study on intrusion detection for
wireless sensor network. Journal of Application
Research of Computers 2008; 25(11):2304–2308.
34. Srinivasan A, Teitelbaum J, Liang H, Wu J, Cardei M.
Reputation and trust based system for ad hoc and
sensor networks. In Algorithms and Protocols for
Wireless Ad-Hoc and Sensor Networks, Boukerche A
(ed). Wiley & Sons: New Jersey, 2008.
35. Buchegger S, Boudec JYL. A robust reputation system
for peer-to-peer and mobile ad-hoc networks. Proceedings of P2PEcon, June 2004.
36. Ganeriwal S, Srivastava M. Reputation-based framework for high integrity sensor networks. Proceedings
of the 2nd ACM Workshop on Security of Ad Hoc and
Sensor Networks (SASN ’04), October 2004; 66–77.
37. Almenarez F, Marin A, Diaz D, Sanchez J. Developing a
model for trust management in pervasive devices. 4th
Annual IEEE International Conference on Pervasive
Computation Communication, Washington DC, 2006;
267–271.
O. Khalid et al.
38. Weng J, Miao C, Goh A. An entropy-based approach
to protecting rating systems from unfair testimonies.
The Institute of Electronics and Information Communication Engineers (IEICE) Transactions on Information and Systems 2006; E89-D(9):2502–2511.
39. Khan SU, Loukopoulos T, Li H. Advances in wireless,
mobile and P2P based internet protocols, applications,
and architectures. International Journal of Internet
Protocol Technology 2011; 6(1–2):1–2.
40. Aberer K, Despotovic Z. Managing trust in a peer-2peer information system. Proceedings of the 10th
international conference on Information and knowledge management ACM, New York, 2001.
41. Khan SU, Bouvry P. Energy-efficient communications
for high-performance distributed systems. International Journal of Communication Networks and Distributed Systems 2011; 6(1):1–2.
42. Papalilo E, Freisleben B. Managing behavior trust in
grid computing environments. Journal of Information
Assurance and Security 2008; 1:27–37.
43. Conti M, Kumar M. Opportunities in opportunistic
computing. IEEE Computer 2010; 43(1):42–50.
44. Vinel A, Campolo C, Petit J, Koucheryavy Y. Trustworthy broadcasting in IEEE 802.11p/WAVE vehicular networks: delay analysis. IEEE Communications
Letters 2011; 15(9):1010–1012.
45. Resnick P, Kuwabara K, Zeckhauser R, Friedman E.
Reputation systems: facilitating trust in e-commerce
systems. Communications of the ACM 2006; 43
(12):45–48.
46. Li J, Wang H, Khan SU. A semantics-based approach
to large-scale mobile social networking. ACM/
Springer Mobile Networks and Applications 2012; 17
(2):192–205.
47. Skopik F, Truong H, Dustdar S. Trust and reputation
mining in professional virtual communities. International Conference on Web Engineering (ICWE ’9),
2009; 76–90.
48. Srinivasan A. Reputation and trust-based security in
wireless sensor networks. PhD Thesis, Florida Atlantic
University, 2008.
49. Hadjichristofi GC, Adams WJ, Davis NJ. A framework for key management in a mobile ad hoc network.
Proceedings of International Conference on Information Technology: Coding and Computing, China,
Vol. 2, 4–6 April 2005; 568–573.
50. Buchegger S, Boudec L. Performance analysis of the
CONFIDANT protocol (cooperation of nodes—
fairness in dynamic ad-hoc networks). 3rd ACM
International Symposium on MobiHoc, Lausanne,
June 2002.
51. Michiardi P, Molva R. CORE: a collaborative reputation mechanism to enforce node cooperation in mobile
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
O. Khalid et al.
52.
53.
54.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
ad hoc networks. Communication and Multimedia
Security, September, 2002.
Bansal S, Baker M. Observation-based cooperation
enforcement in ad hoc networks. Proceedings of
Computing Research Repository (CoRR), 2003.
Marti S, Giuli TJ, Lai K, Baker M. Mitigating routing
misbehaviour in mobile ad hoc networks. Proceedings
of the 6th Annual International Conference on Mobile
Computing and Networking (MobiCom), 2000.
Johnson DB, Maltz DA. DSR: the dynamic source
routing protocol for multi-hop wireless ad hoc networks. In Ad Hoc Networking, Chapter 5, Perkins CE
(ed). Addison-Wesley: Boston, Massachusetts, USA,
2001; 139–172.
Boukerche A, Li X. An agent-based trust and reputation management scheme . IEEE Global Telecommunications Conference, 2005; pp. 5.
Karp B, Kung HT. GPSR: greedy perimeter stateless
routing for wireless networks. Proceedings of the 6th
Annual International Conference on Mobile Computing and Networking (MobiCom’00), 2000.
Srinivasan A, Wu J, Teitelbaum J. DRBTS: distributed
reputation based beacon trust system. 2nd IEEE International Symposium on Dependable, Autonomic and
Secure Computing (DASC’06), 2006; 277–283.
Chan H, Perrig A, Song D. Random key predistribution schemes for sensor networks. Proceedings of Symposium on Security and Privacy, May 2003; 197–213.
Perrig A, Szewczyk R, Wen V, Culler D, Tygar D.
SPINS: security protocols for sensor networks. Wireless Networks Journal 2002; 8(5):189–199.
Karlof C, Sastry N, Wagner D. TinySec: link layer
encryption for tiny devices. Proceedings of the Second
ACM Conference on Embedded Networked Sensor
Systems (SenSys), 2004.
Ganeriwal S, Kumar R, Han C, Lee S, Srivastava MB.
Location and identity based secure event report
generation for sensor networks. Nested Data-Parallel
Language (NESL) Technical Report, May 2004.
Watro R, Kong D, Cuti SF, Gardiner C, Lynn C, Kruus
P. TinyPK: securing sensor networks with public key
technology. Second workshop on Security in Sensor
and Ad-hoc Networks, 2004.
Ye F, Luo H, Lu S, Zhang L. Statistical en-route
detection and filtering of injected false data in sensor
networks. In Proceedings of IEEE Infocom, 2004.
Deng J, Han R, Mishra S. INSENS: intrusion-tolerant
routing for wireless sensor networks. Journal of
Computer Communications 2006; 29(2):216–230.
Hazard CJ, Singh MP. Intertemporal discount factors
as a measure of trustworthiness in electronic commerce. IEEE Transactions on Knowledge and Data
Engineering 2011; 23(5):699–721.
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec
Trust and reputation systems for wireless sensor networks
66. Benamati J, Fuller MA, Serva MA, Baroudi J. Clarifying the integration of trust and TAM in e-commerce
environments: implications for systems design and
management. IEEE Transactions on Engineering
Management 2010; 57(3):380–393.
67. Symeonidis P, Nanopoulos A, Manolopoulos Y.
Providing justifications in recommender systems.
IEEE Transactions on Systems, Man and Cybernetics,
Part A: Systems and Humans 2008; 38(6):1262–1272.
68. Wang Y, Lin K. Reputation-oriented trustworthy computing in e-commerce environments. IEEE Internet
Computing 2008; 12(4):55–59.
69. Josang A, Ismail R. The beta reputation system. The
15th Bled Electronic Commerce Conference, Slovenia,
2002.
70. Resnick P, Kuwabara K, Zeckhauser R, Friedman E.
Reputation systems. Communications of the ACM
2000; 43(12):45–48.
71. Blaze M, Feigenbaum J, Ioannidis J, Keromytis A. The
keynote trust management system. University of
Pennsylvania, 1999.
72. Xu S, Li X, Parker TP, Wang X. Exploiting trust-based
social networks for distributed protection of sensitive
data. IEEE Transactions on Information Forensics
and Security 2011; 6(1):39–52.
73. Dijiang H, Xiaoyan H, Gerla M. Situation-aware trust
architecture for vehicular networks. IEEE Communications Magazine 2010; 48(11):128–135.
74. Cutillo LA, Molva R, Strufe T. Safebook: a privacypreserving online social network leveraging on reallife trust. IEEE Communications Magazine 2009; 47
(12):94–101.
75. Trier M, Bobrik A. Social search: exploring and
searching social architectures in digital networks.
IEEE Internet Computing 2009; 13(2):51–59.
76. Yu H, Kaminsky M, Gibbons PB, Flaxman AD.
SybilGuard: defending against sybil attacks via social
networks. IEEE/ACM Transactions on Networking
2008; 16(3).
77. Abdul-Rahman A, Hailes S. Supporting trust in virtual
communities. 33rd Hawaii International Conference
on System Sciences, Hawaii, 2000.
78. Chen S, Zhang Y, Yang G. Parameter-estimation
based trust model for unstructured peer-to-peer
networks. IET Communications 2011; 5(7):922–928.
79. Chen K, Hwang K, Chen G. Heuristic discovery of
role-based trust chains in peer-to-peer networks. IEEE
Transactions on Parallel and Distributed Systems
2009; 20(1):83–96.
80. Lu L, Han J, Liu Y, et al. Pseudo trust: zeroknowledge authentication in anonymous P2Ps. IEEE
Transactions on Parallel and Distributed Systems
2008; 19(10):1–13.
Trust and reputation systems for wireless sensor networks
81. Zhou R, Hwang K. PowerTrust: a robust and scalable
reputation system for trusted peer-to-peer computing.
IEEE Transactions on Parallel and Distributed
Systems 2007; 18(5):1–14.
82. Lu Y, Wang W, Bhargava B, Xu D. Trust-based
privacy preservation for peer-to-peer data sharing.
IEEE Transactions on Systems, Man and Cybernetics,
Part A: Systems and Humans 2006; 36(3):498–502.
83. Xiong L, Liu L. PeerTrust: supporting reputationbased trust for peer-to-peer electronic communities.
IEEE Transactions on Knowledge and Data Engineering 2004; 16(7):843–857.
84. Borowski JF, Hopkinson KM, Humphries JW, Borghetti
BJ. Reputation-based trust for a cooperative agent-based
backup protection scheme. IEEE Transactions on Smart
Grid 2011; 2(2):287–301.
85. Lin L, Huai J. QGrid: an adaptive trust aware resource
management framework. IEEE Systems Journal 2009;
3(1):78–90.
86. Blanquer I, Hernandez V, Segrelles D, Torres E. Enhancing privacy and authorization control scalability in
the grid through ontologies. IEEE Transactions on Information Technology in Biomedicine 2009; 13(1):16–24.
87. Song S, Hwang K, Kwok Y. Risk-resilient heuristics
and genetic algorithms for security-assured grid job
scheduling. IEEE Transactions on Computers 2006;
55(6):703–719.
88. Song S, Hwang K, Kwok Y. Trusted grid computing
with security binding and trust integration. Journal of
Grid Computing 2005; 3(1–2):53–73.
O. Khalid et al.
89. Das A, Islam MM, Sorwar G. Dynamic trust model for
reliable transactions in multi-agent systems. 13th International Conference on Advanced Communication
Technology (ICACT), 2011; 1101–1106.
90. Wang B, Huang C, Yang W, Wang T. Trust opportunistic routing protocol in multi-hop wireless networks.
IEEE International Conference on Wireless Communications, Networking and Information Security
(WCNIS), 2010; 563–567.
91. Goncalves MRP, Moreira EDS, Martimiano LAF.
Trust management in opportunistic networks. 9th
International Conference on Networks (ICN), 2010;
209–214.
92. Denko MK, Woungang I, Obaidat MS. Trust management in opportunistic pervasive healthcare systems.
16th IEEE International Conference on Electronics,
Circuits and Systems (ICECS), 2009; 832–835.
93. Chen H, Zhou X, Gao C. Agent-based trust model in
wireless sensor networks. 8th ACIS International Conference on Software Engineering, Artificial Intelligence,
Networking, and Parallel/Distributed Computing, 2007;
119–124.
94. Qin T, Yu H, Leung C, Shen Z, Miao C. Towards a
trust aware cognitive radio architecture. ACM Sigmobile
Mobile Computing and Communications 2009; 13
(2):86–95.
95. Chen C-Y, Chao H-C. A survey of key distribution in
wireless sensor networks. Security and Communication Networks. DOI: 10.1002/sec.354, article first published online, July 2011.
Security Comm. Networks (2012) © 2012 John Wiley & Sons, Ltd.
DOI: 10.1002/sec